summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
Diffstat (limited to 'user')
-rw-r--r--user/bind/APKBUILD2
-rw-r--r--user/cifs-utils/APKBUILD8
-rw-r--r--user/claws-mail/APKBUILD8
-rw-r--r--user/confuse/APKBUILD10
-rw-r--r--user/eigen/APKBUILD11
-rw-r--r--user/i3status/APKBUILD2
-rw-r--r--user/libcroco/APKBUILD11
-rw-r--r--user/libcroco/CVE-2020-12825.patch187
-rw-r--r--user/libjpeg-turbo/APKBUILD8
-rw-r--r--user/libjpeg-turbo/CVE-2020-13790.patch35
-rw-r--r--user/libproxy/APKBUILD13
-rw-r--r--user/libproxy/CVE-2020-25219.patch57
-rw-r--r--user/libproxy/CVE-2020-26154.patch93
-rw-r--r--user/meson/APKBUILD4
-rw-r--r--user/yubikey-personalization/APKBUILD6
-rw-r--r--user/yubikey-personalization/json_c.patch83
16 files changed, 472 insertions, 66 deletions
diff --git a/user/bind/APKBUILD b/user/bind/APKBUILD
index 2b39c5f1f..44cd5cf30 100644
--- a/user/bind/APKBUILD
+++ b/user/bind/APKBUILD
@@ -9,7 +9,7 @@ _p=${pkgver#*_p}
_ver=${pkgver%_p*}
_major=${pkgver%%.*}
[ "$_p" != "$pkgver" ] && _ver="${_ver}-P$_p"
-pkgrel=0
+pkgrel=1
pkgdesc="The ISC DNS server"
url="https://www.isc.org/downloads/bind/"
arch="all"
diff --git a/user/cifs-utils/APKBUILD b/user/cifs-utils/APKBUILD
index 798bb8a1e..17b83ab41 100644
--- a/user/cifs-utils/APKBUILD
+++ b/user/cifs-utils/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcolista@alpinelinux.org>
# Maintainer: Max Rees <maxcrees@me.com>
pkgname=cifs-utils
-pkgver=6.10
+pkgver=6.11
pkgrel=0
pkgdesc="CIFS filesystem user-space tools"
url="https://wiki.samba.org/index.php/LinuxCIFS_utils"
@@ -18,6 +18,10 @@ source="https://ftp.samba.org/pub/linux-cifs/$pkgname/$pkgname-$pkgver.tar.bz2
xattr_size_max.patch
"
+# secfixes:
+# 6.11-r0:
+# - CVE-2020-14342
+
prepare() {
default_prepare
autoreconf -vif
@@ -48,7 +52,7 @@ package() {
chmod u+s "$pkgdir"/sbin/mount.cifs
}
-sha512sums="e19ca69b7948f01c1fd6a4ed069e00511588b903a5b8b0dc35ac1e00743170b9ca180b747c47d56cfacf273b296da21df60e1957404f26ebf2ba80bfa7e275cc cifs-utils-6.10.tar.bz2
+sha512sums="064c0ac75572fb44908390508462e4fdfe0686751149fd8b656a209dd961a5a24a7d9774c38c0e72fa5f9875b43aea7bf2de038c4e4a63a11664e71d9003100e cifs-utils-6.11.tar.bz2
99a2fab05bc2f14a600f89526ae0ed2c183cfa179fe386cb327075f710aee3aed5ae823f7c2f51913d1217c2371990d6d4609fdb8d80288bd3a6139df3c8aebe musl-fix-includes.patch
f3acb4f7873628d67c7dfb2378135c302fe382e314277829ea5569710bac0ddb43684aa6d143327d735aec641997084eaa567823b534138ed884bd74044b652a respect-destdir.patch
2a9366ec1ddb0389c535d2fa889f63287cb8374535a47232de102c7e50b6874f67a3d5ef3318df23733300fd8459c7ec4b11f3211508aca7800b756119308e98 xattr_size_max.patch"
diff --git a/user/claws-mail/APKBUILD b/user/claws-mail/APKBUILD
index 72256b3a5..1554a00da 100644
--- a/user/claws-mail/APKBUILD
+++ b/user/claws-mail/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=claws-mail
-pkgver=3.17.6
+pkgver=3.17.8
pkgrel=0
pkgdesc="User-friendly, lightweight, and fast email client"
url="https://www.claws-mail.org/"
@@ -15,6 +15,10 @@ makedepends="compface-dev curl-dev dbus-glib-dev enchant-dev gnutls-dev
subpackages="$pkgname-doc $pkgname-lang"
source="https://www.claws-mail.org/download.php?file=releases/claws-mail-$pkgver.tar.xz"
+# secfixes:
+# 3.17.8-r0:
+# - CVE-2020-16094
+
build() {
./configure \
--build=$CBUILD \
@@ -36,4 +40,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="07fdf7fce722ee1e50aa155bca720323a58842b372d8295bed33c7245fce5790a1bd3ed7462130664a218a804ab6bd1ba3663ee3e53fbbac6a4a477dd676ede0 claws-mail-3.17.6.tar.xz"
+sha512sums="dc29c968dc81a184af8f66c1afe5c9d17558ce6a4a8b196136a9fb5deec96aa67eec42148ed0f4d6d6ee94aec2791247b9034090dac81beec193bd7d366617d7 claws-mail-3.17.8.tar.xz"
diff --git a/user/confuse/APKBUILD b/user/confuse/APKBUILD
index 4bdfa851f..fc31d73d1 100644
--- a/user/confuse/APKBUILD
+++ b/user/confuse/APKBUILD
@@ -1,10 +1,10 @@
# Contributor: Mira Ressel <aranea@aixah.de>
# Maintainer:
pkgname=confuse
-pkgver=3.2.2
+pkgver=3.3
pkgrel=0
pkgdesc="Small configuration file parser library for C"
-url=" "
+url="https://github.com/martinh/libconfuse"
arch="all"
license="ISC"
depends=""
@@ -12,6 +12,10 @@ makedepends=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="https://github.com/martinh/libconfuse/releases/download/v$pkgver/$pkgname-$pkgver.tar.xz"
+# secfixes:
+# 3.3-r0:
+# - CVE-2018-19760
+
build() {
./configure \
--build=$CBUILD \
@@ -34,4 +38,4 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="c6baea65e064fe7f2d1bde187c6dcbb7f03c31f5d777cb04576f9cc2d94e9c96b7ee202e030e9a2c7eb619deb240d9e76fb12b3528ae5aa0d3abe231354d12c9 confuse-3.2.2.tar.xz"
+sha512sums="93cc62d98166199315f65a2f6f540a9c0d33592b69a2c6a57fd17f132aecc6ece39b9813b96c9a49ae2b66a99b7eba1188a9ce9e360e1c5fb4b973619e7088a0 confuse-3.3.tar.xz"
diff --git a/user/eigen/APKBUILD b/user/eigen/APKBUILD
index 125cf77fe..aa2a537d2 100644
--- a/user/eigen/APKBUILD
+++ b/user/eigen/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Bradley J Chambers <brad.chambers@gmail.com>
# Maintainer:
pkgname=eigen
-pkgver=3.3.7
+pkgver=3.3.8
pkgrel=0
pkgdesc="Eigen is a C++ template library for linear algebra"
url="http://eigen.tuxfamily.org/index.php?title=Main_Page"
@@ -11,12 +11,7 @@ license="MPL-2.0"
depends=""
makedepends=""
subpackages="$pkgname-dev"
-source="$pkgname-$pkgver.tar.gz::http://bitbucket.org/eigen/$pkgname/get/$pkgver.tar.gz"
-
-prepare() {
- mv "$srcdir"/eigen-eigen-* "$builddir" # directory name contains hash
- default_prepare
-}
+source="https://gitlab.com/libeigen/eigen/-/archive/$pkgver/eigen-$pkgver.tar.gz"
package() {
mkdir -p "$pkgdir"/usr/include/eigen3
@@ -24,4 +19,4 @@ package() {
cp -r "$builddir"/unsupported "$pkgdir"/usr/include/eigen3
}
-sha512sums="34cf600914cce719d61511577ef9cd26fbdcb7a6fad1d0ab8396f98b887fac6a5577d3967e84a8f56225cc50de38f3b91f34f447d14312028383e32b34ea1972 eigen-3.3.7.tar.gz"
+sha512sums="5b4b5985b0294e07b3ed1155720cbbfea322fe9ccad0fc8b0a10060b136a9169a15d5b9cb7a434470cadd45dff0a43049edc20d2e1070005481a120212edc355 eigen-3.3.8.tar.gz"
diff --git a/user/i3status/APKBUILD b/user/i3status/APKBUILD
index 01e567cee..f143b6fc5 100644
--- a/user/i3status/APKBUILD
+++ b/user/i3status/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=i3status
pkgver=2.13
-pkgrel=1
+pkgrel=2
pkgdesc="Status bar generator for dzen2, xmobar or similar"
url="https://i3wm.org/i3status/"
arch="all"
diff --git a/user/libcroco/APKBUILD b/user/libcroco/APKBUILD
index 209720aaa..4470ac952 100644
--- a/user/libcroco/APKBUILD
+++ b/user/libcroco/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer:
pkgname=libcroco
pkgver=0.6.13
-pkgrel=0
+pkgrel=1
pkgdesc="GNOME CSS 2 parsing and manipulation toolkit"
url="https://gitlab.gnome.org/GNOME/libcroco"
arch="all"
@@ -11,11 +11,15 @@ subpackages="$pkgname-dev"
depends=""
makedepends="glib-dev libxml2-dev"
checkdepends="cmd:which"
-source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz"
+source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
+ CVE-2020-12825.patch
+ "
# secfixes:
# 0.6.12-r2:
# - CVE-2017-7960
+# 0.6.13-r1:
+# - CVE-2020-12825
build() {
./configure \
@@ -34,4 +38,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz"
+sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz
+ae568a259a2a3a90f6cf107b4f0d5a0dbb6cb3a560262a43b96460457a4b72b7c5f45c2df9c061ed1f94c41b71bdcf69bd55582a77bf858e46c2c3c8a55fe6e3 CVE-2020-12825.patch"
diff --git a/user/libcroco/CVE-2020-12825.patch b/user/libcroco/CVE-2020-12825.patch
new file mode 100644
index 000000000..6fa66f659
--- /dev/null
+++ b/user/libcroco/CVE-2020-12825.patch
@@ -0,0 +1,187 @@
+From 44cbd1e718d6a08e59b9300280c340218a84e089 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 12 Aug 2020 13:54:15 -0500
+Subject: [PATCH] libcroco: Limit recursion in block and any productions
+ (CVE-2020-12825)
+
+If we don't have any limits, we can recurse forever and overflow the
+stack.
+
+This is per https://gitlab.gnome.org/Archive/libcroco/-/issues/8
+
+https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1404
+---
+ src/cr-parser.c | 44 ++++++++++++++++++++++++++--------------
+ 1 file changed, 29 insertions(+), 15 deletions(-)
+
+diff --git a/src/cr-parser.c b/src/st/croco/cr-parser.c
+index 07f4ed9e8b..8304b75614 100644
+--- a/src/cr-parser.c
++++ b/src/cr-parser.c
+@@ -136,6 +136,8 @@ struct _CRParserPriv {
+
+ #define CHARS_TAB_SIZE 12
+
++#define RECURSIVE_CALLERS_LIMIT 100
++
+ /**
+ * IS_NUM:
+ *@a_char: the char to test.
+@@ -343,9 +345,11 @@ static enum CRStatus cr_parser_parse_selector_core (CRParser * a_this);
+
+ static enum CRStatus cr_parser_parse_declaration_core (CRParser * a_this);
+
+-static enum CRStatus cr_parser_parse_any_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls);
+
+-static enum CRStatus cr_parser_parse_block_core (CRParser * a_this);
++static enum CRStatus cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls);
+
+ static enum CRStatus cr_parser_parse_value_core (CRParser * a_this);
+
+@@ -783,7 +787,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_parser_try_to_skip_spaces_and_comments (a_this);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ } while (status == CR_OK);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr,
+@@ -794,7 +798,7 @@ cr_parser_parse_atrule_core (CRParser * a_this)
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status,
+ FALSE);
+ goto done;
+@@ -929,11 +933,11 @@ cr_parser_parse_selector_core (CRParser * a_this)
+
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+
+ } while (status == CR_OK);
+
+@@ -955,10 +959,12 @@ cr_parser_parse_selector_core (CRParser * a_this)
+ *in chapter 4.1 of the css2 spec.
+ *block ::= '{' S* [ any | block | ATKEYWORD S* | ';' ]* '}' S*;
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *FIXME: code this function.
+ */
+ static enum CRStatus
+-cr_parser_parse_block_core (CRParser * a_this)
++cr_parser_parse_block_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token = NULL;
+ CRInputPos init_pos;
+@@ -966,6 +972,9 @@ cr_parser_parse_block_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this && PRIVATE (a_this), CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token);
+@@ -995,13 +1004,13 @@ cr_parser_parse_block_core (CRParser * a_this)
+ } else if (token->type == CBO_TK) {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ } else {
+ cr_tknzr_unget_token (PRIVATE (a_this)->tknzr, token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ CHECK_PARSING_STATUS (status, FALSE);
+ goto parse_block_content;
+ }
+@@ -1108,7 +1117,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_block_core (a_this);
++ status = cr_parser_parse_block_core (a_this, 0);
+ CHECK_PARSING_STATUS (status, FALSE);
+ ref++;
+ goto continue_parsing;
+@@ -1122,7 +1131,7 @@ cr_parser_parse_value_core (CRParser * a_this)
+ status = cr_tknzr_unget_token (PRIVATE (a_this)->tknzr,
+ token);
+ token = NULL;
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, 0);
+ if (status == CR_OK) {
+ ref++;
+ goto continue_parsing;
+@@ -1161,10 +1170,12 @@ cr_parser_parse_value_core (CRParser * a_this)
+ * | FUNCTION | DASHMATCH | '(' any* ')' | '[' any* ']' ] S*;
+ *
+ *@param a_this the current instance of #CRParser.
++ *@param n_calls used to limit recursion depth
+ *@return CR_OK upon successfull completion, an error code otherwise.
+ */
+ static enum CRStatus
+-cr_parser_parse_any_core (CRParser * a_this)
++cr_parser_parse_any_core (CRParser * a_this,
++ guint n_calls)
+ {
+ CRToken *token1 = NULL,
+ *token2 = NULL;
+@@ -1173,6 +1184,9 @@ cr_parser_parse_any_core (CRParser * a_this)
+
+ g_return_val_if_fail (a_this, CR_BAD_PARAM_ERROR);
+
++ if (n_calls > RECURSIVE_CALLERS_LIMIT)
++ return CR_ERROR;
++
+ RECORD_INITIAL_POS (a_this, &init_pos);
+
+ status = cr_tknzr_get_next_token (PRIVATE (a_this)->tknzr, &token1);
+@@ -1211,7 +1225,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ *We consider parameter as being an "any*" production.
+ */
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1236,7 +1250,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+@@ -1264,7 +1278,7 @@ cr_parser_parse_any_core (CRParser * a_this)
+ }
+
+ do {
+- status = cr_parser_parse_any_core (a_this);
++ status = cr_parser_parse_any_core (a_this, n_calls + 1);
+ } while (status == CR_OK);
+
+ ENSURE_PARSING_COND (status == CR_PARSING_ERROR);
+--
+GitLab
+
diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index cbecdd1a4..5910e7011 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libjpeg-turbo
-pkgver=2.0.4
-pkgrel=1
+pkgver=2.0.5
+pkgrel=0
pkgdesc="Accelerated JPEG compression and decompression library"
url="https://libjpeg-turbo.org/"
arch="all"
@@ -11,7 +11,6 @@ depends=""
makedepends="cmake"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
- CVE-2020-13790.patch
"
case "$CTARGET_ARCH" in
@@ -63,5 +62,4 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
-83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a CVE-2020-13790.patch"
+sha512sums="5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555 libjpeg-turbo-2.0.5.tar.gz"
diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch
deleted file mode 100644
index aaeec0c9c..000000000
--- a/user/libjpeg-turbo/CVE-2020-13790.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc33090..a8507b902 100644
---- a/rdppm.c
-+++ b/rdppm.c
-@@ -5,7 +5,7 @@
- * Copyright (C) 1991-1997, Thomas G. Lane.
- * Modified 2009 by Bill Allombert, Guido Vollbeding.
- * libjpeg-turbo Modifications:
-- * Copyright (C) 2015-2017, D. R. Commander.
-+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
- * For conditions of distribution and use, see the accompanying README.ijg
- * file.
- *
-@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
- /* On 16-bit-int machines we have to be careful of maxval = 65535 */
- source->rescale = (JSAMPLE *)
- (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
-- (size_t)(((long)maxval + 1L) *
-+ (size_t)(((long)MAX(maxval, 255) + 1L) *
- sizeof(JSAMPLE)));
- half_maxval = maxval / 2;
- for (val = 0; val <= (long)maxval; val++) {
diff --git a/user/libproxy/APKBUILD b/user/libproxy/APKBUILD
index 1cdb0c9b5..7a13ebc05 100644
--- a/user/libproxy/APKBUILD
+++ b/user/libproxy/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=libproxy
pkgver=0.4.15
-pkgrel=2
+pkgrel=3
pkgdesc="Library providing automatic proxy configuration management"
url="http://libproxy.github.io/libproxy/"
arch="all"
@@ -14,8 +14,15 @@ subpackages="$pkgname-dev $pkgname-bin py3-$pkgname:py"
source="$pkgname-$pkgver.tar.gz::https://github.com/libproxy/libproxy/archive/$pkgver.tar.gz
libproxy-0.4.7-unistd.patch
fix-includes.patch
+ CVE-2020-25219.patch
+ CVE-2020-26154.patch
"
+# secfixes:
+# 0.4.15-r3:
+# - CVE-2020-25219
+# - CVE-2020-26154
+
build() {
cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
@@ -55,4 +62,6 @@ py() {
sha512sums="8f68bd56e44aeb3f553f4657bef82a5d14302780508dafa32454d6f724b724c884ceed6042f8df53a081d26ea0b05598cf35eab44823257c47c5ef8afb36442b libproxy-0.4.15.tar.gz
9929c308195bc59c1b9a7ddaaf708fb831da83c5d86d7ce122cb9774c9b9b16aef3c17fb721356e33a865de1af27db493f29a99d292e1e258cd0135218cacd32 libproxy-0.4.7-unistd.patch
-e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch"
+e35b4f806e5f60e9b184d64dceae62e6e343c367ee96d7e461388f2665fe2ab62170d41848c9da5322bb1719eff3bfaecb273e40a97ce940a5e88d29d03bd8d9 fix-includes.patch
+908fbf49bec18764a8c2ab81ef5d5e6e1fc2423cf9a6608cc7d3a6d5ac44676e171646b0f95b39b7ade108afd62cc2ede8f7b57d6ba0d67025f30b18e5084292 CVE-2020-25219.patch
+01c784a8016bb2a2bf5058b6af7fac29250542bfd4e0679a91fa223c821336d651f8f4a968763072edb86a78a743618c312a2daeb2963c8e5207109f2d26a18f CVE-2020-26154.patch"
diff --git a/user/libproxy/CVE-2020-25219.patch b/user/libproxy/CVE-2020-25219.patch
new file mode 100644
index 000000000..03cfbc00e
--- /dev/null
+++ b/user/libproxy/CVE-2020-25219.patch
@@ -0,0 +1,57 @@
+From a83dae404feac517695c23ff43ce1e116e2bfbe0 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@gnome.org>
+Date: Wed, 9 Sep 2020 11:12:02 -0500
+Subject: [PATCH] Rewrite url::recvline to be nonrecursive
+
+This function processes network input. It's semi-trusted, because the
+PAC ought to be trusted. But we still shouldn't allow it to control how
+far we recurse. A malicious PAC can cause us to overflow the stack by
+sending a sufficiently-long line without any '\n' character.
+
+Also, this function failed to properly handle EINTR, so let's fix that
+too, for good measure.
+
+Fixes #134
+---
+ libproxy/url.cpp | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..68d69cd 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -388,16 +388,24 @@ string url::to_string() const {
+ return m_orig;
+ }
+
+-static inline string recvline(int fd) {
+- // Read a character.
+- // If we don't get a character, return empty string.
+- // If we are at the end of the line, return empty string.
+- char c = '\0';
+-
+- if (recv(fd, &c, 1, 0) != 1 || c == '\n')
+- return "";
+-
+- return string(1, c) + recvline(fd);
++static string recvline(int fd) {
++ string line;
++ int ret;
++
++ // Reserve arbitrary amount of space to avoid small memory reallocations.
++ line.reserve(128);
++
++ do {
++ char c;
++ ret = recv(fd, &c, 1, 0);
++ if (ret == 1) {
++ if (c == '\n')
++ return line;
++ line += c;
++ }
++ } while (ret == 1 || (ret == -1 && errno == EINTR));
++
++ return line;
+ }
+
+ char* url::get_pac() {
diff --git a/user/libproxy/CVE-2020-26154.patch b/user/libproxy/CVE-2020-26154.patch
new file mode 100644
index 000000000..929083327
--- /dev/null
+++ b/user/libproxy/CVE-2020-26154.patch
@@ -0,0 +1,93 @@
+From 4411b523545b22022b4be7d0cac25aa170ae1d3e Mon Sep 17 00:00:00 2001
+From: Fei Li <lifeibiren@gmail.com>
+Date: Fri, 17 Jul 2020 02:18:37 +0800
+Subject: [PATCH] Fix buffer overflow when PAC is enabled
+
+The bug was found on Windows 10 (MINGW64) when PAC is enabled. It turned
+out to be the large PAC file (more than 102400 bytes) returned by a
+local proxy program with no content-length present.
+---
+ libproxy/url.cpp | 44 +++++++++++++++++++++++++++++++-------------
+ 1 file changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/libproxy/url.cpp b/libproxy/url.cpp
+index ee776b2..8684086 100644
+--- a/libproxy/url.cpp
++++ b/libproxy/url.cpp
+@@ -54,7 +54,7 @@ using namespace std;
+ #define PAC_MIME_TYPE_FB "text/plain"
+
+ // This is the maximum pac size (to avoid memory attacks)
+-#define PAC_MAX_SIZE 102400
++#define PAC_MAX_SIZE 0x800000
+ // This is the default block size to use when receiving via HTTP
+ #define PAC_HTTP_BLOCK_SIZE 512
+
+@@ -478,15 +478,13 @@ char* url::get_pac() {
+ }
+
+ // Get content
+- unsigned int recvd = 0;
+- buffer = new char[PAC_MAX_SIZE];
+- memset(buffer, 0, PAC_MAX_SIZE);
++ std::vector<char> dynamic_buffer;
+ do {
+ unsigned int chunk_length;
+
+ if (chunked) {
+ // Discard the empty line if we received a previous chunk
+- if (recvd > 0) recvline(sock);
++ if (!dynamic_buffer.empty()) recvline(sock);
+
+ // Get the chunk-length line as an integer
+ if (sscanf(recvline(sock).c_str(), "%x", &chunk_length) != 1 || chunk_length == 0) break;
+@@ -498,21 +496,41 @@ char* url::get_pac() {
+
+ if (content_length >= PAC_MAX_SIZE) break;
+
+- while (content_length == 0 || recvd != content_length) {
+- int r = recv(sock, buffer + recvd,
+- content_length == 0 ? PAC_HTTP_BLOCK_SIZE
+- : content_length - recvd, 0);
++ while (content_length == 0 || dynamic_buffer.size() != content_length) {
++ // Calculate length to recv
++ unsigned int length_to_read = PAC_HTTP_BLOCK_SIZE;
++ if (content_length > 0)
++ length_to_read = content_length - dynamic_buffer.size();
++
++ // Prepare buffer
++ dynamic_buffer.resize(dynamic_buffer.size() + length_to_read);
++
++ int r = recv(sock, dynamic_buffer.data() + dynamic_buffer.size() - length_to_read, length_to_read, 0);
++
++ // Shrink buffer to fit
++ if (r >= 0)
++ dynamic_buffer.resize(dynamic_buffer.size() - length_to_read + r);
++
++ // PAC size too large, discard
++ if (dynamic_buffer.size() >= PAC_MAX_SIZE) {
++ chunked = false;
++ dynamic_buffer.clear();
++ break;
++ }
++
+ if (r <= 0) {
+ chunked = false;
+ break;
+ }
+- recvd += r;
+ }
+ } while (chunked);
+
+- if (content_length != 0 && string(buffer).size() != content_length) {
+- delete[] buffer;
+- buffer = NULL;
++ if (content_length == 0 || content_length == dynamic_buffer.size()) {
++ buffer = new char[dynamic_buffer.size() + 1];
++ if (!dynamic_buffer.empty()) {
++ memcpy(buffer, dynamic_buffer.data(), dynamic_buffer.size());
++ }
++ buffer[dynamic_buffer.size()] = '\0';
+ }
+ }
+
diff --git a/user/meson/APKBUILD b/user/meson/APKBUILD
index d975e1460..5164bae64 100644
--- a/user/meson/APKBUILD
+++ b/user/meson/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer:
pkgname=meson
-pkgver=0.52.1
+pkgver=0.55.3
pkgrel=0
pkgdesc="Fast, user-friendly build system"
url="https://mesonbuild.com/"
@@ -24,4 +24,4 @@ package() {
python3 setup.py install --prefix=/usr --root="$pkgdir"
}
-sha512sums="81e8c5897ba5311ccffc401fd514bd9a67d16caaea1f28a5c5432605766341ecd82b70c05661fbbe0c9a6006ff5ea892950bbaa548e70c3f87350438775ea6fd meson-0.52.1.tar.gz"
+sha512sums="afb0bb25b367e681131d920995124df4b06f6d144ae1a95ebec27be13e06fefbd95840e0287cd1d84bdbb8d9c115b589a833d847c60926f55e0f15749cf66bae meson-0.55.3.tar.gz"
diff --git a/user/yubikey-personalization/APKBUILD b/user/yubikey-personalization/APKBUILD
index 1db97be94..3ff2ce728 100644
--- a/user/yubikey-personalization/APKBUILD
+++ b/user/yubikey-personalization/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Kiyoshi Aman <adelie@aerdan.vulpine.house>
pkgname=yubikey-personalization
pkgver=1.20.0
-pkgrel=0
+pkgrel=1
pkgdesc="Cross-platform library & tools for personalizing YubiKey devices"
url="https://developers.yubico.com/yubikey-personalization/"
arch="all"
@@ -13,6 +13,7 @@ makedepends="yubico-c-dev libusb-dev json-c-dev asciidoctor
subpackages="$pkgname-dev $pkgname-doc"
source="yubikey-personalization-$pkgver.tar.gz::https://github.com/Yubico/yubikey-personalization/archive/v$pkgver.tar.gz
use-asciidoctor.patch
+ json_c.patch
"
prepare() {
@@ -40,4 +41,5 @@ package() {
}
sha512sums="a38b26700793f0a801e5f5889bbbce4a3f728d22aaecf8d0890f1b5135e67bed16a78b7a36dbc323c5d296901f6dd420fa658a982492a0cd9f0bbf95a5fbc823 yubikey-personalization-1.20.0.tar.gz
-d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch"
+d6777a43e5e57430268bb50ab704641465a7314b15fc821d8bfa7f0c6510829d0118ced426cd5f8730589efe6264df6b82fc70e8bfe3d8b7d735e51339a25af2 use-asciidoctor.patch
+a8bc7ae71d0a05476688abfaea070ca7dc2eaa68e033524d4a1b2b6240eec2932d867e9eeaa248874a04f254618cd79bf9ebaa17421938b0c2e62502bf90c055 json_c.patch"
diff --git a/user/yubikey-personalization/json_c.patch b/user/yubikey-personalization/json_c.patch
new file mode 100644
index 000000000..ca5a918d2
--- /dev/null
+++ b/user/yubikey-personalization/json_c.patch
@@ -0,0 +1,83 @@
+From 0aa2e2cae2e1777863993a10c809bb50f4cde7f8 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Sat, 25 Apr 2020 20:55:28 +0200
+Subject: [PATCH] fix boolean value with json-c 0.14
+
+Upstream removed the TRUE and FALSE defines in commit
+0992aac61f8b087efd7094e9ac2b84fa9c040fcd.
+---
+ ykpers-json.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/ykpers-json.c b/ykpers-json.c
+index a62e907..15ad380 100644
+--- a/ykpers-json.c
++++ b/ykpers-json.c
+@@ -40,7 +40,7 @@
+ #define yk_json_object_object_get(obj, key, value) json_object_object_get_ex(obj, key, &value)
+ #else
+ typedef int json_bool;
+-#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE
++#define yk_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? 0 : 1
+ #endif
+
+ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP_CONFIG *cfg) {
+@@ -50,7 +50,7 @@ static void set_json_value(struct map_st *p, int mode, json_object *options, YKP
+ if(p->mode && (mode & p->mode) == mode) {
+ json_object *joption;
+ json_bool ret = yk_json_object_object_get(options, p->json_text, joption);
+- if(ret == TRUE && json_object_get_type(joption) == json_type_boolean) {
++ if(ret == 1 && json_object_get_type(joption) == json_type_boolean) {
+ int value = json_object_get_boolean(joption);
+ if(value == 1) {
+ p->setter(cfg, true);
+@@ -230,20 +230,20 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == FALSE) {
++ if(yk_json_object_object_get(jobj, "yubiProdConfig", yprod_json) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "mode", jmode) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "mode", jmode) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+- if(yk_json_object_object_get(yprod_json, "options", options) == FALSE) {
++ if(yk_json_object_object_get(yprod_json, "options", options) == 0) {
+ ykp_errno = YKP_EINVAL;
+ goto out;
+ }
+
+- if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == TRUE) {
++ if(yk_json_object_object_get(yprod_json, "targetConfig", jtarget) == 1) {
+ int target_config = json_object_get_int(jtarget);
+ int command;
+ if(target_config == 1) {
+@@ -275,13 +275,13 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ if(mode == MODE_OATH_HOTP) {
+ json_object *jdigits, *jrandom;
+ ykp_set_tktflag_OATH_HOTP(cfg, true);
+- if(yk_json_object_object_get(options, "oathDigits", jdigits) == TRUE) {
++ if(yk_json_object_object_get(options, "oathDigits", jdigits) == 1) {
+ int digits = json_object_get_int(jdigits);
+ if(digits == 8) {
+ ykp_set_cfgflag_OATH_HOTP8(cfg, true);
+ }
+ }
+- if(yk_json_object_object_get(options, "randomSeed", jrandom) == TRUE) {
++ if(yk_json_object_object_get(options, "randomSeed", jrandom) == 1) {
+ int random = json_object_get_boolean(jrandom);
+ int seed = 0;
+ if(random == 1) {
+@@ -290,7 +290,7 @@ int _ykp_json_import_cfg(YKP_CONFIG *cfg, const char *json, size_t len) {
+ goto out;
+ } else {
+ json_object *jseed;
+- if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == TRUE) {
++ if(yk_json_object_object_get(options, "fixedSeedvalue", jseed) == 1) {
+ seed = json_object_get_int(jseed);
+ }
+ }